Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

EXTJWT command for integrating external web services #547

Open
wants to merge 12 commits into
base: master
Choose a base branch
from
Open

EXTJWT command for integrating external web services #547

wants to merge 12 commits into from

Conversation

ItsOnlyBinary
Copy link

@prawnsalad
This spec provides a way for web services hosted externally to an IRC server to authenticate users that are connected to the IRC server by making use of the standard JWT tokens (https://jwt.io/).

This allows a web service to do things such as:

* Granting admin access to a networks wiki page if a user has +o on the network

* Granting write access to a channels wiki page if the user has +o in the channel

* Automatically creating a user account if the user is logged into the IRC server and has an account name

For a more indepth example we could use the free audio/video conference service - Jitsi Meet. This service has built in JWT verification in that an application can send a user to a URL that contains a JWT token, and if the Jitsi Meet server verifies this token successfully, the user is granted access to that conference room. When an IRC client wants to join a conference room, it would first call EXTJWT #testchannel to receive a JWT token from the IRCd. The client would then open a browser window navigating to the Jitsi Meet URL while passing that token. It is up to the client to decide how and where to use this token, eg. via a "Jitsi Call" button for example.

As prawnsalad has stepped back from IRC development and I have taken over Kiwi IRC development. I cannot allow this ircv3 specification to be abandoned as Kiwi IRC uses it for quite a few plugins. (jitsi conferencing, file uploads, account avatar uploads)

So I have also forked #341 and updated based on comments from within the previous pull-request.

prawnsalad and others added 12 commits July 21, 2018 21:11
@prawnsalad
Create extjwt.md
e2e85ab
@prawnsalad
Update extjwt.md
41c6187
@prawnsalad
Example syntax update; Combine joined+time_joined claims
b53eb93
@prawnsalad
Replacing the nick claim with the JWT standard sub (subject) claim
d1ad8d1
@prawnsalad
Versioning support
51a288a
@prawnsalad
Notes on token expiration
66c11e1
@prawnsalad
Optional verify URL; Optional service names; *modes claim renamed;
4a390fa
@prawnsalad @kylef
vfy 403 > 401
6be574e 
Co-Authored-By: Kyle Fuller <kyle@fuller.li>
@prawnsalad @SadieCat
Update extensions/extjwt.md
6ceab95 
Co-Authored-By: Sadie Powell <sadie@witchery.services>
@prawnsalad
Channel joined claim to be 1 if no timestamp is available
f3facfb
@ItsOnlyBinary
Define possible errors
f5a1879
@ItsOnlyBinary
Remove vfy claim
7e0ce18 
Having the verify url within the token would encourage implementations to use the url without verifying its trusted, allowing the spoofing of tokens. The verify url should be a pre-shared component for trust.
@ItsOnlyBinary
Copy link
Author

ItsOnlyBinary commented Jul 1, 2024
edited
Loading

Reasoning behind removing the vfy claim:

Having the verify url within the token would encourage implementations to use the url without verifying its trusted, allowing the spoofing of tokens.

The verify url should be a pre-shared component for trust, just like the key would be pre-shared.

With the url having the advantage of not actually sharing the key, so that the host of the third party service could not actually generated trusted tokens.

@SadieCat
Copy link
Contributor

SadieCat commented Jul 1, 2024

Our implementation is updated to match the new pull request.

https://github.com/inspircd/inspircd-contrib/blob/master/4/m_ircv3_extjwt.cpp

slingamn
slingamn reviewed Jul 2, 2024
View reviewed changes
extensions/extjwt.md Show resolved Hide resolved
extensions/extjwt.md Show resolved Hide resolved
@SadieCat SadieCat mentioned this pull request Oct 7, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@slingamn slingamn slingamn left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@ItsOnlyBinary @SadieCat @slingamn @prawnsalad